Security concepts #2

Functional requirements – what a system must do.
Non-functional requirements – how the system must behave. On top of performance, usability, maintainability -> security.
CIA – Confidentiality (Privacy), Integrity, Availability + non-repudiation

Vulnerability / exposure / security incident

Vulnerability types: bugs and flaws. Bugs – defects in the development process; could be detected by automated tools. Flaws – defects in the design process; could not be detected by automated tools.
A vulnerability does not necessarily cause an impact. It needs 2 more steps:
– Exposure: if the vulnerability becomes known to an attacker
– Security incident: if the attacker takes advantage of the exposure to perform an attack